API: Exposing your internal enterprise application to the outside world

No shame: For the last few years you have been successfully building internal integration flows between your own business applications and data centres. You have seen it all: point-to-point integrations, message queues, ETLs, integration platforms, SOA architectures.

Brave new world: But new projects are coming. One is to build a fancy customer portal running on cloud infrastructure. It will be developed by an external vendor and they need real-time access to your database.

Another is creating a mobile app for your field employees. External specialists will build the app, and they need to read and write data to some of your internal systems.

Finally, the partner channel guys initiated another project. They want several large partners to access your customer data and submit new orders from their sales apps directly into your systems, bypassing the old partner portal that you built three years ago.

Fast or secure? We need both. All three projects promise good business value and your boss is excited about them. Now, each of them requires access to sensitive business data from an external environment that you cannot control. And, yes, access to data should be in real time, responses instant, and availability three nines.

Turning your sysadmins into babysitters? People developing these applications know nothing about your internal systems. They don’t have access to the massive tacit knowledge that has been your second nature for years. They will need plenty of education and hand-holding.

Alternatively, you need to provide these guys with comprehensive documentation, plenty of test data and the ability to troubleshoot the calls they make to your API. All without overloading your system administrators.

What is the right way to deliver these projects? This is a tough question, commonly answered with “it depends...”

Not all depends, though. There are some key elements, best practices and rules of thumb to help start off right. The overarching framework, key toolset and decision criteria are reasonably clear. Only the specifics depend.

We are preparing a real-life guide to help you explore the features of typical API management solutions at a glance and decide whether you need one. You will also get a framework for dividing responsibilities between service-consuming applications, back-end enterprise systems, and integration and API management platforms. We expect to publish the paper by the end of October.